
Side by Side Diff: src/pkg/crypto/tls/ca_set.go

Issue 157076: crypto/tls: add initial client implementation. (Closed)
Patch Set: code review 157076: crypto/tls: add initial client implementation. Created 15 years, 4 months ago
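--- a/src/pkg/crypto/tls/ca_set.go
+++ b/src/pkg/crypto/tls/ca_set.go
@@ -0,0 +1,75 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+"crypto/x509";
+"encoding/pem";
+)
+
+// A CASet is a set of certificates.
+type CASet struct {
+bySubjectKeyId map[string]*x509.Certificate;
+byName map[string]*x509.Certificate;
+}
+
+func NewCASet() *CASet {
+return &CASet{
+make(map[string]*x509.Certificate),
+make(map[string]*x509.Certificate),
+}
+}
+
+func nameToKey(name *x509.Name) string {
+return name.Country + "/" + name.OrganizationalUnit + "/" + name.Organiz ationalUnit + "/" + name.CommonName
+}
+
+// FindParent attempts to find the certificate in s which signs the given
+// certificate. If no such certificate can be found, it returns nil.
+func (s *CASet) FindParent(cert *x509.Certificate) (parent *x509.Certificate) {
+var ok bool;
+
+if len(cert.AuthorityKeyId) > 0 {
+parent, ok = s.bySubjectKeyId[string(cert.AuthorityKeyId)]
+} else {
+parent, ok = s.byName[nameToKey(&cert.Issuer)]
+}
+
+if !ok {
+return nil
+}
+return parent;
+}
+
+// SetFromPEM attempts to parse a series of PEM encoded root certificates. It
+// appends any certificates found to s and returns true if any certificates
+// were successfully parsed. On many Linux systems, /etc/ssl/cert.pem will
+// contains the system wide set of root CAs in a format suitable for this
+// function.
+func (s *CASet) SetFromPEM(pemCerts []byte) (ok bool) {
+for len(pemCerts) > 0 {
+var block *pem.Block;
+block, pemCerts = pem.Decode(pemCerts);
+if block == nil {
+break
+}
+if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
+continue
+}
+
+cert, err := x509.ParseCertificate(block.Bytes);
+if err != nil {
+continue
+}
+
+if len(cert.SubjectKeyId) > 0 {
+s.bySubjectKeyId[string(cert.SubjectKeyId)] = cert
+}
+s.byName[nameToKey(&cert.Subject)] = cert;
+ok = true;
+}
+
+return;
+}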
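Review bot: nameToKey (new line 26) joins OrganizationalUnit twice and never the organization, so two CAs that differ only in organization share one byName key and the later SetFromPEM entry silently replaces the earlier one; the second term was presumably meant to be `name.Organization`, assuming x509.Name carries that field. The components are also joined with an unescaped "/", so a name containing "/" can alias a different name. FindParent's comment says it returns the certificate "which signs" the argument, but the lookup only matches AuthorityKeyId or the issuer name, both read from the certificate being checked. I would reword the comment to `// FindParent returns the certificate in s whose key id or subject name matches cert's issuer fields. It does not verify the signature; callers must check it.`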